Contracting for the Cloud


1 Contracting for the Cloud
Marcus Lee

2 What is “Cloud Computing”?
The use of computing resources (hardware and software) that are delivered as a service over a network (typically the internet).
- Google Apps
- Amazon Web Services
- Microsoft Cloud

3 Three Main Cloud Computing Models:
1. Infrastructure as a Service (IaaS)
An organization outsources the equipment used to support operations, including storage, hardware, servers and network components. The service provider owns the equipment and is responsible for running and maintaining it. The client typically pays on a per-use basis.

4 Three Main Cloud Computing Models:
2. Platform as a Service (PaaS)
A method to rent hardware, operating systems, storage and network capacity over the Internet so that the client can develop, test and deploy software applications.

5 Three Main Cloud Computing Models:
3. Software as a Service (SaaS)
The service provider delivers software via the Internet for use by the client. The client doesn’t need to install applications on its own servers or computers; typically it needs only a web browser to use the software.

6 Four Types of Clouds:
1. Private Cloud: Operated for a single organization.
2. Community Cloud: Operated for use by a specific community of users.

7 Four Types of Clouds:
3. Public Cloud: Delivery of cloud services over the Internet to the general public.
4. Hybrid Cloud: A cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally.

8 Benefits to Cloud Computing:
- Cost Reduction (savings on hardware and software infrastructure and IT personnel)
- Scalability (easily increase or decrease use based on needs)
- Converting capital expenditures into operational expenses

9 Risks to Cloud Computing:
- Data Security
- Availability of Service
- Data Ownership

10 Contractual Issues Data Ownership and Access
- Acknowledgment that all data you input into the software or provide the vendor is owned by you
- Requirement that, at the termination of the contract, the vendor will provide you a copy of your data in an agreed-upon format
- Requirement that vendor permanently deletes all copies of your data at the termination of the contract (including back-up media)
- Maintain a copy of all data you provide the vendor
- Litigation-cooperation clause requiring the vendor to preserve your data and cooperate with any discovery requests if you become involved in any litigation

11 Contractual Issues Service Levels
- Uptime guarantee (e.g., you will be able to access and use the services 99 percent of the time)
- Support response time guarantee (e.g., vendor will respond to service issues within one business hour)
- Server response time guarantee (e.g., the services will process transactions within an agreed-upon time frame)

12 Contractual Issues Service Levels
Measurement Requirements:
- Require provider to actively monitor SLAs and provide a monthly report
Remedies for SLA failures:
- Credit or refund of fees
- Right to terminate for very poor performance (e.g., less than 90% uptime during a month)
- Right to terminate your contract for persistent service level failures (e.g., 3 or more SLA failures in a 6-month period)

13 Contractual Issues Sample Language:
Service Level Commitment. Service Provider agrees that the Hosted Software will be Available to Customer 99% of the minutes during each month (the “Availability Standard”). If the Availability Standard is not met for a given month, then Service Provider will provide Customer with the following refund:

If the Availability of the Hosted Software    Then Service Provider shall provide
for a given month is:                         Customer a refund equal to:
99% or more                                   $0
95% to 98.99%                                 10% times the monthly hosting fee
90% to 94.99%                                 25% times the monthly hosting fee
85% to 89.99%                                 50% times the monthly hosting fee
80% to 84.99%                                 75% times the monthly hosting fee
75% to 79.99%                                 100% times the monthly hosting fee

14 Contractual Issues Sample Language:
For purposes of this Agreement, “Available” means Customer is able to access and use the Hosted Software, the Hosted Software is not experiencing a Priority Level 1 or 2 Issue, and the server response time to all accesses of the Hosted Software is less than 1.5 seconds. Service Provider shall maintain accurate records sufficient to show the number of minutes that the Hosted Software was Available during each month. Service Provider will promptly provide Customer with a copy of such records at such times as requested by Customer. The remedies in this Section shall apply regardless of whether the un-Availability results from a Force Majeure Event. Minutes during which the Hosted Software is not Available because of scheduled maintenance activities will not be counted as minutes when the Hosted Software is not Available so long as (i) the scheduled maintenance occurs during the hours of 11 PM to 5 AM, Eastern Time and (ii) Service Provider provides Customer with five business days prior written notice of the date and time of the scheduled maintenance.

15 Contractual Issues Back-Up Capability
- Redundant systems in place so that if vendor’s main data center goes down (e.g., because of a natural disaster or cyber attack), you will continue to be able to access and use the services
- Have IT professional review vendor’s back-up policies
- Required procedure for backing up your data

16 Contractual Issues Sample Language:
Hosting Sites. The primary site for the Hosting Services will be at a carrier grade facility located at the place designated in the applicable Software Hosting Description Document and the secondary site for the Hosting Services will be at a carrier grade facility located at the place designated in the applicable Software Hosting Description Document (each, a “Hosting Site”). Service Provider shall not change the location of a Hosting Site without Customer’s written approval.

Back-up and Disaster Recovery. Each Hosting Site shall (i) be SSAE 16 certified; (ii) have redundant high speed connections to the Internet; and (iii) have backup electrical systems, including an uninterruptible power supply and an electrical generator allowing for at least two months of generated power. Data from the primary Hosting Site shall be replicated to the secondary Hosting Site every evening for disaster recovery purposes. In the event that the Hosted Software is not Available as a result of an issue with the primary Hosting Site, then Service Provider shall ensure that the Hosted Software is immediately Available via the secondary Hosting Site.

17 Contractual Issues Force Majeure
- Limit to causes beyond the vendor’s reasonable control and that could not be avoided by the exercise of due diligence
- Credit or refund for period in which services are not available
- Right to terminate contract if force majeure event continues for more than an agreed-upon number of days
- Requirement that vendor use its best efforts to resume service as soon as possible
- Make clear that force majeure events do not relieve the vendor of its disaster recovery or service level obligations

18 Contractual Issues Sample Language:
Force Majeure. Neither party shall be liable to the other party or be deemed to have breached this Agreement for any failure or delay in the performance of all or any portion of its obligations under this Agreement if such failure or delay is due to any contingency beyond its reasonable control (a “Force Majeure Event”). Service Provider shall be obligated to provide reasonable back-up capability to avoid the potential interruptions from a Force Majeure Event. If a Force Majeure Event occurs, the party delayed or unable to perform shall give immediate notice to the other party. If a party is unable to perform any of its obligations because of a Force Majeure Event, then (i) such party shall immediately resume performing its obligations once the Force Majeure Event is removed, (ii) the other party may cease performing its obligations during the period in which the affected party is not performing, (iii) the other party may terminate this Agreement or any Exhibit or Description Document if a Force Majeure Event prevents a party from performing its obligations under this Agreement or such Exhibit or Description Document for more than 30 days, or (iv) if Service Provider is unable to perform any of its Services as a result of a Force Majeure Event, then Service Provider shall refund Customer a pro rata amount of the fees most-recently paid by Customer for such Services.

19 Contractual Issues Data Security
1. Confidentiality Provisions:
- Restrict who can have access to your information
- Require vendor to be responsible for contractors
- Restrict how your information can be used
- Require vendor to use at least reasonable measures to protect your information
- Require vendor to be responsible for any data that is lost, stolen or compromised while in the possession or control of vendor

20 Contractual Issues Data Security
2. Data Encryption Requirements:
- Requirements when transmitting data
- Requirements when storing data
3. Compliance with Laws:
- Vendor should be required to comply with all applicable privacy and data protection laws and regulations

21 Contractual Issues Data Security
4. Audit Rights:
- You should have the right to audit the security procedures and data centers of vendor.
5. Security Breach Procedures:
- Requirement for prompt notification of actual or suspected breach.
- Provide that customer has sole control over the timing, content and method of the notice.
- Requirement to cooperate and provide assistance in remedying breach.
- Remedial obligations, including payment of notification and credit monitoring costs, if applicable.

22 Contractual Issues Data Security
6. Due Diligence:
- Type II SSAE 16 Examinations: Requirement that the vendor have Type II SSAE 16 examinations conducted on its controls and procedures for storing, processing and transmitting data, and to provide you copies of the examination reports.
- Have data security professional review the provider’s security policies.

23 Contractual Issues Sample Language:
During the term of the Master Agreement, Service Provider agrees to comply with the following security provisions:

(a) Service Provider shall maintain data security controls, measures, policies and procedures consistent with industry best practices and use its best efforts to prevent unauthorized access to all Customer data. In the event of any security breach or loss of any Customer data, Service Provider shall immediately notify Customer and use its best efforts to remedy such breach or loss, including, but not limited to, taking such actions as reasonably requested by Customer. Customer shall be the sole and exclusive owner of all the Customer data and Service Provider shall only use the Customer data during the term of the Master Agreement to the extent necessary to provide Services to Customer. Service Provider shall promptly provide Customer with any or all of the Customer data requested by Customer from time-to-time in such hard-copy or electronic format as requested by Customer.

(b) Service Provider represents and warrants to Customer that attached hereto as Schedule 1 is a current copy of Service Provider’s disaster recovery and backup policy (the “DR Policy”). Service Provider agrees to comply with the DR Policy during the term of the Master Agreement. Service Provider agrees not to make changes to the DR Policy except for changes that do not reduce the protections of the current DR Policy.

(c) Service Provider shall comply with all applicable federal, state and local privacy related laws and regulations (whether in effect on the date of the Master Agreement or enacted during the term of the Master Agreement).

24 Contractual Issues Sample Language:
(d) When sending any files containing any Customer data over the Internet or other network, Service Provider shall first encrypt such files using PGP encryption software.

(e) Service Provider will cause Type II SSAE 16 examinations (or equivalent examinations) to be conducted annually on any information systems and networks used in connection with providing any Services to Customer. Service Provider will provide Customer with a report from each such SSAE 16 examination to facilitate periodic compliance reporting by Customer under Sarbanes-Oxley and other applicable laws and regulations. If any such audit results in Service Provider being notified of control deficiencies or that Service Provider is not in compliance with any requirement set forth in this Data Security Exhibit, Service Provider will promptly take actions to remedy such control deficiencies or comply with such requirement, as the case may be, at no cost to Customer. Upon Customer’s request, Service Provider will provide Customer with an update of Service Provider’s internal controls covering the period from the date of Service Provider’s last SSAE 16 report to the date of the request.

(f) Unless Customer instructs Service Provider in writing otherwise, Service Provider shall maintain and retain all Customer data and records in accordance with the records retention policy set forth on Schedule 2 attached hereto (the “Retention Policy”). If requested by Customer in connection with a legal matter involving Customer, Service Provider shall continue to maintain and retain all requested Customer Data and records beyond the periods set forth in the Retention Policy.

25 Contractual Issues Limitation of Liability
- Exclusion for IP infringement claims.
- Exclusion for gross negligence or willful misconduct.
- Exclusion for breach of confidentiality obligations (and data breach, if possible).
- Exclusion for property damage/bodily injury.
- Exclusion for remedial obligations for data breach.
- If not obtainable, consider a negotiated cap on liability.

26 Contractual Issues Insurance
- General commercial liability
- Professional liability
- Worker’s compensation
- Cybersecurity (data breaches, business interruption, and network damage)

27 Indemnification
- Tortious acts and omissions.
- Intellectual property infringement.
- Personal injury/property damage.
- Breach of confidentiality/security breach.

28 Contractual Issues Sample Language:
Indemnification. Service Provider shall defend and indemnify Customer and its directors, officers, employees and agents (each, an “Indemnified Party”) against, reimburse each Indemnified Party for, and hold each Indemnified Party harmless from, all losses, claims, damages, liabilities and costs (including reasonable attorneys’ fees and expenses) (collectively, the “Losses”) incurred by an Indemnified Party as a result of (a) any breach by Service Provider of any of the terms, conditions, covenants, representations or warranties contained in this Agreement; (b) any personal injury, death or property damage caused by any defective Product or by any employees, contractors or representatives of Service Provider; (c) any claim by a Service Provider employee or contractor for wages, benefits or other compensation; (d) the negligence, willful misconduct or other tortious acts of Service Provider or its employees or contractors; (e) any data of Customer that is lost, stolen or compromised while in the possession or control of Service Provider or the possession or control of any third-party to whom Service Provider provided any Customer data; or (f) any third-party claim alleging that any of the Products, Software, Deliverables or Services infringes on such third-party’s patent, copyright, trademark, trade secret or other intellectual property rights. Service Provider agrees to reimburse each Indemnified Party promptly for all such Losses as they are incurred by such Indemnified Party in connection with the investigation of, preparation for or defense of any pending or threatened claim or any action or proceeding arising therefrom.

29 QUESTIONS?

